After a lengthy discussion on matrix, it seems that there is no official statement about how to get encrypted flash to work with espflash, aside from this guide which I was unable to get to work.

My experience using the above guide in Development Mode after many attempts was that I would receive a Invalid Header XXXX error, which according to the docs indicates that plain text is being flashed (its not being encrypted internally by the esp32).

The guide falls short about explaining if partition tables between the bootloader app, and the rust app, need to be identical along with other security kconfig settings (which I have experimented with).

Having a look at esptool.py, there is an additional --encrypt flag passed, which leads me to believe perhaps espflash needs to send a flag to the device to tell it to encrypt the data.

Digging into the code a little there is a conditional for stub and chip, I've tried variations on these to see if I could get it to work, but it hasn't.

Any assistance here is appreciated, it would be great if there were an official statement on if this should be working, along with a detailed (and maintained) guide.